<!doctype html>
<html>
<head>
    <!--Setting-->
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <meta name="renderer" content="webkit|ie-comp|ie-stand">
    <meta name="apple-mobile-web-app-capable"  content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="black">
    <meta name="format-detection" content="telephone=no,email=no">
    
    
    <!--Simple SEO-->


<meta name="robots" content=all />
<meta name="google" content=all />
<meta name="googlebot" content=all />
<meta name="verify" content=all />
    <!--Title-->

<title>nginx 限制某个IP同一时间段的访问次数 | MIAbon&#39;s blog</title>

<link rel="alternate" href="/atom.xml" title="MIAbon&#39;s blog" type="application/atom+xml">


<link rel="icon" href="/favicon.ico">

    
<link rel="stylesheet" href="/css/base.css">
<link rel="stylesheet" href="/css/pages/post.css">
<link rel="stylesheet" href="//cdn.bootcss.com/font-awesome/4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" href="/css/thirdParty/highlight/github.css">
<link rel="stylesheet" href="/.css">

    <!--script-->


<script src="http://cdn1.lncld.net/static/js/3.2.1/av-min.js"></script>
<script>
  var appId = "i7AHmC7NPbPtgS3YxT67dRIc-9Nh9j0Va";
  var appKey = "g6TKbY8O4TsCDMcemoC3STvQ";
  var region = "";
  AV.init({
    appId: appId,
    appKey: appKey,
    region: region
  });
</script>


<script async src="//dn-lbstatics.qbox.me/busuanzi/2.3/busuanzi.pure.mini.js"></script>

<!--<script src="https://imsun.github.io/gitment/dist/gitment.browser.js"></script>-->


    
    
</head>

<body id="normal">
<!--[if lte IE 8]>
<style>
    html{ font-size: 1em }
</style>
<![endif]-->
<!--[if lte IE 9]>
<style>
    header{ top: 71px; position: absolute!important;}
    #container{padding-top: 151px!important;}
</style>
<div style="position:fixed;z-index:9999;left:0;top:0;width:100%;height:70px;background-color:#e0e0e0;color:#396CA5;border-bottom:1px solid #cecece;text-align:center;line-height:70px;white-space: nowrap;overflow: hidden;text-overflow: ellipsis">你使用的浏览器版本过低，为了你更好的阅读体验，请更新浏览器的版本或者使用其他现代浏览器，比如Chrome、Firefox、Safari等。</div>
<![endif]-->

<div id="wrap">
    <header  style="position: absolute;" >
    <div id="site-meta">
        <a href="/" id="logo">
            <h1 class="title">MIAbon&#39;s blog</h1>
        </a>
        
    </div>
    <ul id="nav">
        
            <li><a href="/"><i class="fa fa-home"></i>首页</a></li>
        
            <li><a href="/atom.xml"><i class="fa fa-rss"></i>RSS</a></li>
        
        <li id="search"><a href="javascript:void(0)"><i class="fa fa-search"></i>搜索</a></li>
    </ul>
</header>

    <div id="container">
        
<ul id="sidebar">
    
    
    
    
<li class="widget widget-normal category">
    <h3 class="fa fa-th widget-title">分类</h3>
    <ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/ELK/"><i class="fa" aria-hidden="true">ELK</i></a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/Lvs/"><i class="fa" aria-hidden="true">Lvs</i></a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/admin/"><i class="fa" aria-hidden="true">admin</i></a><span class="category-list-count">5</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/ansible/"><i class="fa" aria-hidden="true">ansible</i></a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/aws/"><i class="fa" aria-hidden="true">aws</i></a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/docker/"><i class="fa" aria-hidden="true">docker</i></a><span class="category-list-count">7</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/drone/"><i class="fa" aria-hidden="true">drone</i></a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/kernel/"><i class="fa" aria-hidden="true">kernel</i></a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/kubernetes/"><i class="fa" aria-hidden="true">kubernetes</i></a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/kvm/"><i class="fa" aria-hidden="true">kvm</i></a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/mongodb/"><i class="fa" aria-hidden="true">mongodb</i></a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link current" href="/categories/python/"><i class="fa" aria-hidden="true">python</i></a><span class="category-list-count">9</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/share/"><i class="fa" aria-hidden="true">share</i></a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/web/"><i class="fa" aria-hidden="true">web</i></a><span class="category-list-count">12</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/zabbix/"><i class="fa" aria-hidden="true">zabbix</i></a><span class="category-list-count">3</span></li></ul>
</li>


    
    
<li class="widget widget-normal archive">
  <h3 class="fa fa-archive widget-title">归档</h3>
    <ul class="archive-list"><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/02/"><i class="fa" aria-hidden="true">二月 2018</i></a><span class="archive-list-count">1</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/01/"><i class="fa" aria-hidden="true">一月 2018</i></a><span class="archive-list-count">8</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/12/"><i class="fa" aria-hidden="true">十二月 2017</i></a><span class="archive-list-count">1</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/11/"><i class="fa" aria-hidden="true">十一月 2017</i></a><span class="archive-list-count">3</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/10/"><i class="fa" aria-hidden="true">十月 2017</i></a><span class="archive-list-count">4</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/09/"><i class="fa" aria-hidden="true">九月 2017</i></a><span class="archive-list-count">2</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/08/"><i class="fa" aria-hidden="true">八月 2017</i></a><span class="archive-list-count">1</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/05/"><i class="fa" aria-hidden="true">五月 2017</i></a><span class="archive-list-count">4</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/04/"><i class="fa" aria-hidden="true">四月 2017</i></a><span class="archive-list-count">2</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/03/"><i class="fa" aria-hidden="true">三月 2017</i></a><span class="archive-list-count">1</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/01/"><i class="fa" aria-hidden="true">一月 2017</i></a><span class="archive-list-count">1</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2016/12/"><i class="fa" aria-hidden="true">十二月 2016</i></a><span class="archive-list-count">1</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2016/11/"><i class="fa" aria-hidden="true">十一月 2016</i></a><span class="archive-list-count">3</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2016/10/"><i class="fa" aria-hidden="true">十月 2016</i></a><span class="archive-list-count">2</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2016/08/"><i class="fa" aria-hidden="true">八月 2016</i></a><span class="archive-list-count">2</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2016/05/"><i class="fa" aria-hidden="true">五月 2016</i></a><span class="archive-list-count">4</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2016/04/"><i class="fa" aria-hidden="true">四月 2016</i></a><span class="archive-list-count">8</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2015/05/"><i class="fa" aria-hidden="true">五月 2015</i></a><span class="archive-list-count">1</span></li></ul>
</li>


    
    
<li class="widget widget-normal tags">
  <h3 class="fa fa-tags widget-title">标签云</h3>
  <div class="tagcloud-content">
    
      <a href="/tags/drone/" style="font-size: 0.14rem; color: #69c">drone</a> <a href="/tags/linux/" style="font-size: 0.2rem; color: #0a407c">linux</a> <a href="/tags/kernel/" style="font-size: 0.16rem; color: #4f83b8">kernel</a> <a href="/tags/ELK/" style="font-size: 0.14rem; color: #69c">ELK</a> <a href="/tags/ansible/" style="font-size: 0.14rem; color: #69c">ansible</a> <a href="/tags/swarm/" style="font-size: 0.14rem; color: #69c">swarm</a> <a href="/tags/docker/" style="font-size: 0.18rem; color: #215690">docker</a> <a href="/tags/firewalld/" style="font-size: 0.14rem; color: #69c">firewalld</a> <a href="/tags/zabbix/" style="font-size: 0.16rem; color: #4f83b8">zabbix</a> <a href="/tags/aws/" style="font-size: 0.14rem; color: #69c">aws</a> <a href="/tags/web/" style="font-size: 0.16rem; color: #4f83b8">web</a> <a href="/tags/python/" style="font-size: 0.18rem; color: #215690">python</a> <a href="/tags/spider/" style="font-size: 0.17rem; color: #386da4">spider</a>
  </div>
</li>


    
    
<li class="widget widget-normal friends-link">
    <h3 class="fa fa-globe widget-title">友链</h3><br/>

    
        <a href="http://zhengwei666.wang" class="fa" target="_blank">zhengwei</a>

    
        <a href="https://you-deng.github.io" class="fa" target="_blank">dengyou</a>

    
        <a href="http://www.systemd.cn" class="fa" target="_blank">langyaoliang</a>

    
        <a href="http://www.chen-hao.com.cn/" class="fa" target="_blank">chenhao</a>

    
        <a href="http://www.yulongjun.com" class="fa" target="_blank">yulongjun</a>

    

</li>

    
</ul>


        <div id="main">
    <article id="post">
        <div id="post-header">

            <h1 id="nginx 限制某个IP同一时间段的访问次数">
                
                nginx 限制某个IP同一时间段的访问次数
                
            </h1>
            <div class="article-meta">
    
    
    <span class="categories-meta fa-wrap">
            <i class="fa fa-folder-open-o"></i>
        <span>web</span>
    </span>
    
    
    <span class="fa-wrap">
         <i class="fa fa-tags"></i>
        <span class="tags-meta">
            
            null
            
        </span>
    </span>
    
    
    <span class="fa-wrap">
        <i class="fa fa-clock-o"></i>
        <span class="date-meta ">2016/12/10</span>
    </span>
    
    
    <span class="fa-wrap">
            <i class="fa fa-thermometer-three-quarters"></i>
        <span class="hits hits-meta " data-leadcloud-title="nginx 限制某个IP同一时间段的访问次数"
              data-leadcloud-url="/2016/12/10/nginx_限制某个IP同一时间段的访问次数/"><i class="fa fa-spinner fa-spin"></i></span>
    </span>
    
    
</div>

            
            
            <p class="fa fa-exclamation-triangle warning">
                本文于<strong>419</strong>天之前发表，文中内容可能已经过时。如有疑问，请在评论区留言。
            </p>
            
        </div>
        
        <div id="post-body">
            <p>  如何设置能限制某个IP某一时间段的访问次数是一个让人头疼的问题，特别面对恶意的ddos攻击的时候。其中CC攻击（Challenge Collapsar）是DDOS（分布式拒绝服务）的一种，也是一种常见的网站攻击方法，攻击者通过代理服务器或者肉鸡向向受害主机不停地发大量数据包，造成对方服务器资源耗尽，一直到宕机崩溃。cc攻击一般就是使用有限的ip数对服务器频繁发送数据来达到攻击的目的，nginx可以通过HttpLimitReqModul和HttpLimitZoneModule配置来限制ip在同一时间段的访问次数来防cc攻击。HttpLimitReqModul用来限制连单位时间内连接数的模块，使用limit_req_zone和limit_req指令配合使用来达到限制。一旦并发连接超过指定数量，就会返回503错误。HttpLimitConnModul用来限制单个ip的并发连接数，使用limit_zone和limit_conn指令这两个模块的区别前一个是对一段时间内的连接数限制，后者是对同一时刻的连接数限制。</p>
<h1 id="HttpLimitReqModul实例"><a href="#HttpLimitReqModul实例" class="headerlink" title="HttpLimitReqModul实例"></a>HttpLimitReqModul实例</h1><h2 id="限制某一时间段内同一ip连接数"><a href="#限制某一时间段内同一ip连接数" class="headerlink" title="限制某一时间段内同一ip连接数"></a>限制某一时间段内同一ip连接数</h2><figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div></pre></td><td class="code"><pre><div class="line">http&#123;</div><div class="line">    ...</div><div class="line">    <span class="comment">#定义一个名为allips的limit_req_zone用来存储session，大小是10M内存，</span></div><div class="line">    <span class="comment">#以$binary_remote_addr 为key,限制平均每秒的请求为20个，</span></div><div class="line">    <span class="comment">#1M能存储16000个状态，rete的值必须为整数，</span></div><div class="line">    <span class="comment">#如果限制两秒钟一个请求，可以设置成30r/m</span></div><div class="line">    limit_req_zone <span class="variable">$binary_remote_addr</span> zone=allips:10m rate=20r/s;</div><div class="line">    ...</div><div class="line">    server&#123;</div><div class="line">        ...</div><div class="line">        location &#123;</div><div class="line">            ...</div><div class="line">            <span class="comment">#限制每ip每秒不超过20个请求，漏桶数burst为5</span></div><div class="line">            <span class="comment">#brust的意思就是，如果第1秒、2,3,4秒请求为19个，</span></div><div class="line">            <span class="comment">#第5秒的请求为25个是被允许的。</span></div><div class="line">            <span class="comment">#但是如果你第1秒就25个请求，第2秒超过20的请求返回503错误。</span></div><div class="line">            <span class="comment">#nodelay，如果不设置该选项，严格使用平均速率限制请求数，</span></div><div class="line">            <span class="comment">#第1秒25个请求时，5个请求放到第2秒执行，</span></div><div class="line">            <span class="comment">#设置nodelay，25个请求将在第1秒执行。</span></div><div class="line">            limit_req zone=allips burst=5 nodelay;</div><div class="line">            ...</div><div class="line">        &#125;</div><div class="line">        ...</div><div class="line">    &#125;</div><div class="line">    ...</div><div class="line">&#125;</div></pre></td></tr></table></figure>
<h2 id="HttpLimitZoneModule实例"><a href="#HttpLimitZoneModule实例" class="headerlink" title="HttpLimitZoneModule实例"></a>HttpLimitZoneModule实例</h2><p>限制并发连接数<br>limit_zone只能定义在http作用域，limit_conn可以定义在http server location作用域<br><figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div></pre></td><td class="code"><pre><div class="line"> http&#123;    ...</div><div class="line">    <span class="comment">#定义一个名为one的limit_zone,大小10M内存来存储session，</span></div><div class="line">    <span class="comment">#以$binary_remote_addr 为key</span></div><div class="line">    <span class="comment">#nginx 1.18以后用limit_conn_zone替换了limit_conn</span></div><div class="line">    <span class="comment">#且只能放在http作用域</span></div><div class="line">    limit_conn_zone   one  <span class="variable">$binary_remote_addr</span>  10m; </div><div class="line">    ...</div><div class="line">    server&#123;</div><div class="line">        ...</div><div class="line">        location &#123;</div><div class="line">            ...</div><div class="line">           limit_conn one 20;          <span class="comment">#连接数限制</span></div><div class="line">           <span class="comment">#带宽限制,对单个连接限数，如果一个ip两个连接，就是500x2k</span></div><div class="line">           limit_rate 500k;           </div><div class="line">            ...</div><div class="line">        &#125;</div><div class="line">        ...</div><div class="line">    &#125;</div><div class="line">    ...</div><div class="line">&#125;</div></pre></td></tr></table></figure></p>
<h2 id="nginx白名单设置"><a href="#nginx白名单设置" class="headerlink" title="nginx白名单设置"></a>nginx白名单设置</h2><p>以上配置会对所有的ip都进行限制，有些时候我们不希望对搜索引擎的蜘蛛或者自己测试ip进行限制，<br>对于特定的白名单ip我们可以借助geo指令实现。<br><figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div></pre></td><td class="code"><pre><div class="line">http&#123;</div><div class="line">     geo <span class="variable">$limited</span>&#123;</div><div class="line">        default 1;</div><div class="line">        <span class="comment">#google</span></div><div class="line">        64.233.160.0/19 0;</div><div class="line">        65.52.0.0/14 0;</div><div class="line">        66.102.0.0/20 0;</div><div class="line">        66.249.64.0/19 0;</div><div class="line">        72.14.192.0/18 0;</div><div class="line">        74.125.0.0/16 0;</div><div class="line">        209.85.128.0/17 0;</div><div class="line">        216.239.32.0/19 0;</div><div class="line">        <span class="comment">#M$</span></div><div class="line">        64.4.0.0/18 0;</div><div class="line">        157.60.0.0/16 0;</div><div class="line">        157.54.0.0/15 0;</div><div class="line">        157.56.0.0/14 0;</div><div class="line">        207.46.0.0/16 0;</div><div class="line">        207.68.192.0/20 0;</div><div class="line">        207.68.128.0/18 0;</div><div class="line">        <span class="comment">#yahoo</span></div><div class="line">        8.12.144.0/24 0;</div><div class="line">        66.196.64.0/18 0;</div><div class="line">        66.228.160.0/19 0;</div><div class="line">        67.195.0.0/16 0;</div><div class="line">        74.6.0.0/16 0;</div><div class="line">        68.142.192.0/18 0;</div><div class="line">        72.30.0.0/16 0;</div><div class="line">        209.191.64.0/18 0;</div><div class="line">        <span class="comment">#My IPs</span></div><div class="line">        127.0.0.1/32 0;</div><div class="line">        123.456.0.0/28 0; <span class="comment">#example for your server CIDR</span></div><div class="line">    &#125;</div></pre></td></tr></table></figure></p>
<p><strong>geo指令定义了一个白名单$limited变量，默认值为1，如果客户端ip在上面的范围内，$limited的值为0</strong><br><strong>使用map指令映射搜索引擎客户端的ip为空串，如果不是搜索引擎就显示本身真是的ip，这样搜索引擎ip就不能存到limit_req_zone内存session中，所以不会限制搜索引擎的ip访问</strong><br><figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">map <span class="variable">$limited</span> <span class="variable">$limit</span> &#123;</div><div class="line">1 <span class="variable">$binary_remote_addr</span>;</div><div class="line">0 <span class="string">""</span>;</div><div class="line">&#125;</div></pre></td></tr></table></figure></p>
<p><strong>设置limit_req_zone和limit_req</strong><br><figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">limit_req_zone <span class="variable">$limit</span> zone=foo:1m rate=10r/m;</div><div class="line">limit_req zone=foo burst=5;</div></pre></td></tr></table></figure></p>
<p>最后我们使用ab压php-fpm的方式，对上面的方法效果实际测试下<br>例1：限制只允许一分钟内只允许一个ip访问60次配置，也就是平均每秒1次<br>首先我们准备一个php脚本放在根目录下$document_root<br>test.php<br>nginx配置增加limit_req_zone 和 limit_req<br><figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div></pre></td><td class="code"><pre><div class="line">http&#123;</div><div class="line">    ...</div><div class="line">    limit_req_zone <span class="variable">$binary_remote_addr</span> zone=allips:10m rate=60r/m;</div><div class="line">    ...</div><div class="line">    server&#123;</div><div class="line">        ...</div><div class="line">        location &#123;</div><div class="line">            ...</div><div class="line">            limit_req zone=allips;</div><div class="line">            ...</div><div class="line">        &#125;</div><div class="line">        ...</div><div class="line">    &#125;</div><div class="line">    ...</div><div class="line">&#125;</div></pre></td></tr></table></figure></p>
<h1 id="测试："><a href="#测试：" class="headerlink" title="测试："></a>测试：</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div></pre></td><td class="code"><pre><div class="line">ab -n 5 -c 1 http://www.xx.org/test.php</div><div class="line">118.144.94.193 - - [22/Dec/2012:06:27:06 +0000] <span class="string">"GET /test.php HTTP/1.0"</span> 200 11000 <span class="string">"-"</span> <span class="string">"ApacheBench/2.3"</span></div><div class="line">118.144.94.193 - - [22/Dec/2012:06:27:06 +0000] <span class="string">"GET /test.php HTTP/1.0"</span> 503 537 <span class="string">"-"</span> <span class="string">"ApacheBench/2.3"</span></div><div class="line">118.144.94.193 - - [22/Dec/2012:06:27:07 +0000] <span class="string">"GET /test.php HTTP/1.0"</span> 503 537 <span class="string">"-"</span> <span class="string">"ApacheBench/2.3"</span></div><div class="line">118.144.94.193 - - [22/Dec/2012:06:27:07 +0000] <span class="string">"GET /test.php HTTP/1.0"</span> 503 537 <span class="string">"-"</span> <span class="string">"ApacheBench/2.3"</span></div><div class="line">118.144.94.193 - - [22/Dec/2012:06:27:07 +0000] <span class="string">"GET /test.php HTTP/1.0"</span> 503 537 <span class="string">"-"</span> <span class="string">"ApacheBench/2.3"</span></div></pre></td></tr></table></figure>
<p>未设置brust和nodelay可以看到该配置只允许每秒访问1次，超出的请求返回503错误<br><figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div></pre></td><td class="code"><pre><div class="line">http&#123;</div><div class="line">    ...</div><div class="line">    limit_req_zone <span class="variable">$binary_remote_addr</span> zone=allips:10m rate=60r/m;</div><div class="line">    ...</div><div class="line">    server&#123;</div><div class="line">        ...</div><div class="line">        location &#123;</div><div class="line">            ...</div><div class="line">            limit_req zone=allips burst=1 nodelay;</div><div class="line">            ...</div><div class="line">        &#125;</div><div class="line">        ...</div><div class="line">    &#125;</div><div class="line">    ...</div><div class="line">&#125;</div></pre></td></tr></table></figure></p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div></pre></td><td class="code"><pre><div class="line">ab -n 5 -c 1 http://www.xx.org/test.php</div><div class="line">118.144.94.193 - - [22/Dec/2012:07:01:00 +0000] <span class="string">"GET /test.php HTTP/1.0"</span> 200 11000 <span class="string">"-"</span> <span class="string">"ApacheBench/2.3"</span></div><div class="line">118.144.94.193 - - [22/Dec/2012:07:01:00 +0000] <span class="string">"GET /test.php HTTP/1.0"</span> 200 11000 <span class="string">"-"</span> <span class="string">"ApacheBench/2.3"</span></div><div class="line">118.144.94.193 - - [22/Dec/2012:07:01:01 +0000] <span class="string">"GET /test.php HTTP/1.0"</span> 503 537 <span class="string">"-"</span> <span class="string">"ApacheBench/2.3"</span></div><div class="line">118.144.94.193 - - [22/Dec/2012:07:01:01 +0000] <span class="string">"GET /test.php HTTP/1.0"</span> 503 537 <span class="string">"-"</span> <span class="string">"ApacheBench/2.3"</span></div><div class="line">118.144.94.193 - - [22/Dec/2012:07:01:01 +0000] <span class="string">"GET /test.php HTTP/1.0"</span> 503 537 <span class="string">"-"</span> <span class="string">"ApacheBench/2.3"</span></div></pre></td></tr></table></figure>
<p>设置brust=1和nodelay后允许第1秒处理两个请求。</p>

        </div>
        <div id="post-footer">
            <div class="avatar" >
                <img src="/img/author.jpg" alt="avatar"/>
                <!-- 
                <a href="javascript:void(0)" class="high-song">high起来 &#128541;</a>
                 -->
                
                <a href="http://backup-miabon.oss-cn-hongkong.aliyuncs.com/img/alipay.jpg" target="_blank" class="donate fa">打赏小弟 &#128536;</a>
                
            </div>
            <ul class="author-profile-section">
                <li>
                  
                  作者:
                  
                    
                    <a href="/about.html">MIAbon</a>
                </li>
                
                <li>发表日期: <span>2016-12-10  08:00:00</span></li>
                
                <li>最后编辑日期: <span>2017-11-23  08:23:00</span></li>
                
                <li class="post-category">
                    文章分类:
                    
                    <a href="/categories/web/">web</a>
                    
                </li>
                <li class="post-tags">
                    文章标签:
                    
                </li>
                
                <li> 版权声明: <a href="https://creativecommons.org/licenses/by-nc-nd/3.0/" target="_blank">
知识共享署名-非商业性使用-禁止演绎 3.0 未本地化版本许可协议（CC BY-NC-ND 3.0）
</a></li>
                
            </ul>
            <div id="donate-wrap">
                
                
                
                <img src="http://www.geasslinks.com/img/alipay.jpg" alt="支付宝付款" class="donate-img">
                
                
            </div>
        </div>
    </article>
    <div class="article-nav">
        
        <a href="/2017/01/10/CentOS6_kvm_install_&_conf/" class="pre-post fa fa-caret-left">CentOS6 kvm</a>
        
        
        <a href="/2016/11/29/oh_my_zsh/" class="next-post fa">oh my zsh</a>
        
    </div>
    
    <div id="comments">
        

<script>
  gitment.render(document.getElementById("comments"));
</script>



    </div>
    
</div>


    </div>
    <footer id="footer">
    
    <div class="social">
        
        <a href="https://www.example1.com" class="fa fa-free-code-camp" target="_blank" title="freecodecamp"></a>
        
        <a href="https://github.com/werewolf2101" class="fa fa-github" target="_blank" title="Follow me~"></a>
        
        <a href="mailto:werewolf2101@gmail.com" class="fa fa-email" target="_blank" title="Email"></a>
        
    </div>
    
    <div>
        
        <a href="/" class="copyright-links">MIAbon</a>&copy;2015 - 2018.All Rights
        Reserved.
    </div>
    <p>Powered by <a href="https://hexo.io" class="copyright-links" target="_blank">Hexo</a> | Theme by <a
                href="https://github.com/GeekaholicLin" class="copyright-links" target="_blank">GeekaholicLin</a>
    </p>
    
    
    <p>
        <span id="busuanzi_container_site_uv" class="fa fa-bar-chart">
        欢迎第<span id="busuanzi_value_site_uv"><i class="fa fa-spinner fa-spin"></i></span>位小伙伴~
        </span>
    </p>
    
</footer>

</div>
    <ul id="tools">
    <li class="totop-btn fa fa-angle-up"></li>
    <li class="exchange-btn fa fa-exchange"></li>
  
    <li class="toc-btn fa fa-list-ul"></li>
    
    

    
</ul>
<p id="process"></p>
<div id="search-overlay">
    <div class="search-area-wrap">
        <div id="search-area">
            <div class="input-wrap focus">
                <i class="fa fa-search" aria-hidden="true"></i>
                <input id="search-input" autofocus autocomplete="off" type="text"
                       placeholder="search this website..."/>
            </div>
            <ul id="search-result">
                <li class="load-first"><i class="fa fa-spinner fa-pulse"></i></li>
            </ul>
        </div>
    </div>
</div>

    <ol class="toc"><li class="toc-item toc-level-1"><a class="toc-link" href="#HttpLimitReqModul实例"><span class="toc-number">1.</span> <span class="toc-text">HttpLimitReqModul实例</span></a><ol class="toc-child"><li class="toc-item toc-level-2"><a class="toc-link" href="#限制某一时间段内同一ip连接数"><span class="toc-number">1.1.</span> <span class="toc-text">限制某一时间段内同一ip连接数</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#HttpLimitZoneModule实例"><span class="toc-number">1.2.</span> <span class="toc-text">HttpLimitZoneModule实例</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#nginx白名单设置"><span class="toc-number">1.3.</span> <span class="toc-text">nginx白名单设置</span></a></li></ol></li><li class="toc-item toc-level-1"><a class="toc-link" href="#测试："><span class="toc-number">2.</span> <span class="toc-text">测试：</span></a></li></ol>


    <script src="/js/highsong.js"></script>



<script src="/js/search.js"></script>
<script type="text/javascript">
    //theme config datas
    var copyrightObj = {};
    copyrightObj.enable = 'true';
    copyrightObj.triggerCopyLength = '200';
    copyrightObj.appendText = '商业转载请联系作者获得授权,非商业转载请注明出处 © gasslinks.com';
    var leancloudObj = {};
    leancloudObj.enable = 'true';
    leancloudObj.className = 'blog';
    leancloudObj.limits = '5';
</script>
<script>
var _hmt = _hmt || [];
(function() {
  var hm = document.createElement("script");
  hm.src = "https://hm.baidu.com/hm.js?dfebe5842f5d4196471b84802392a4b2";
  var s = document.getElementsByTagName("script")[0]; 
  s.parentNode.insertBefore(hm, s);
})();
</script>
<script type="text/javascript">
    var search = {};
    var search_path = "search.xml";
    if (!search_path) {
        search_path = "search.xml";
    }
    search.path = "/" + search_path;
    search.func =  _ajax.init();
</script>
<script src="/js/app.js"></script>


</body>
</html>